Modifying an Existing Mobile VPN Profile
16
Mobile User VPN
Defining advanced Phase 1 settings
To define advanced Phase 1 settings for a Mobile VPN user profile:
1. From the IPSec Tunnel tab of the Edit MUVPN Extended Authentication Group dialog box, select Advanced.
   The Phase1 Advanced Settings dialog box appears.
2. To change the SA (security association) lifetime, type a number in the SA Life field, and select Hour or Minute from the drop-down list.
3. From the Key Group drop-down list, select the Diffie-Hellman group you want. WatchGuard supports groups 1, 2, and 5.
   Diffie-Hellman groups determine the strength of the master key used in the key exchange process. The higher the group number, the greater the security but the more time is required to make the keys.
4. If you want to build a Mobile VPN tunnel between the Firebox and another device that is behind a NAT device, select the NAT Traversal check box. NAT Traversal, or UDP Encapsulation, allows traffic to get to the correct destinations. To set the Keep-alive interval, type the number of seconds or use the value control to select the number of seconds you want.
5. You must select the IKE Keep-alive check box to have the Firebox send messages to its IKE peer to keep the tunnel open. If you disable the IKE Keep-alive feature, the Mobile VPN client will not be able to connect to the Firebox.
   To set the Message interval, type the number of seconds or use the value control to select the number of seconds you want.
6. To set the maximum number of times the Firebox tries to send an IKE keep-alive message before it tries to negotiate Phase 1 again, type the number you want in the Max failures box.
7. Click OK.
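An added example for the Key Group choice in step 3 (not part of the WatchGuard documentation): groups 1, 2, and 5 are the 768-, 1024-, and 1536-bit MODP groups defined in RFC 2409 and RFC 3526. The Python below rebuilds each modulus from its published formula, runs one exchange per group, and times it; the function names are illustrative.

```python
import secrets
import time

# Group number -> (modulus bits n, constant c) from RFC 2409 / RFC 3526:
#   p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c), generator 2
GROUPS = {1: (768, 149686), 2: (1024, 129093), 5: (1536, 741804)}
GENERATOR = 2

def _arctan_inv(x, one):
    """Fixed-point arctan(1/x) scaled by `one`, summed from its Taylor series."""
    total = term = one // x
    n, sign = 1, -1
    while term:
        term //= x * x
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total

def pi_floor(bits, guard=64):
    """floor(pi * 2**bits) via Machin's formula; guard bits absorb rounding."""
    one = 1 << (bits + guard)
    return (16 * _arctan_inv(5, one) - 4 * _arctan_inv(239, one)) >> guard

def group_prime(group):
    """Rebuild the group's prime modulus from the RFC formula."""
    n, c = GROUPS[group]
    return 2**n - 2**(n - 64) - 1 + 2**64 * (pi_floor(n - 130) + c)

def exchange(group):
    """One Diffie-Hellman exchange; returns (secret_a, secret_b, seconds)."""
    p = group_prime(group)
    start = time.perf_counter()
    # Private values, full modulus width here (an assumption of this example).
    a, b = (secrets.randbelow(p - 3) + 2 for _ in range(2))
    # Public values: the only DH data the two peers send each other.
    pub_a, pub_b = pow(GENERATOR, a, p), pow(GENERATOR, b, p)
    # Each side combines its private value with the peer's public value.
    s_a, s_b = pow(pub_b, a, p), pow(pub_a, b, p)
    return s_a, s_b, time.perf_counter() - start

if __name__ == "__main__":
    for g in GROUPS:
        s_a, s_b, secs = exchange(g)
        print(f"group {g}: {group_prime(g).bit_length()}-bit modulus, "
              f"secrets match: {s_a == s_b}, {secs * 1000:.1f} ms")
```

The printed times grow with the modulus size, which is the trade-off the Key Group description states.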
Defining advanced Phase 2 settings
To define advanced Phase 2 settings for a Mobile VPN user profile:
1. From the IPSec Tunnel tab of the Edit MUVPN Extended Authentication Group dialog box, select Proposal.
   The Phase2 Proposal dialog box appears.